Pidgin < 2.10.1 Multiple Vulnerabilities

This script is Copyright (C) 2011 Tenable Network Security, Inc.


Synopsis :

An instant messaging client installed on the remote Windows host is
potentially affected by multiple vulnerabilities.

Description :

The version of Pidgin installed on the remote host is earlier than
2.10.1 and is potentially affected by the following issues :

- A failure to validate input during the processing of
  UTF-8 SILC protocol messages can cause the application
  to crash. (CVE-2011-3594, CVE-2011-4603)

- A failure to validate input during the processing of
  UTF-8 Oscar protocol buddy authorization request and
  response messages can cause the application to crash.
  (CVE-2011-4601)

- An error exists in the validation of voice and chat
  messages in the XMPP protocol that can cause the
  application to crash. (CVE-2011-4602)

See also :

http://developer.pidgin.im/wiki/ChangeLog
http://pidgin.im/news/security/?id=56
http://pidgin.im/news/security/?id=57
http://pidgin.im/news/security/?id=58
http://pidgin.im/news/security/?id=59

Solution :

Upgrade to Pidgin 2.10.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.6
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 57318

Bugtraq ID: 49912, 51010, 51070, 51074

CVE ID: CVE-2011-3594, CVE-2011-4601, CVE-2011-4602, CVE-2011-4603
